—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability

Advisory ID: cisco-sa-20180926-ipsec

Revision: 1.0

For Public Release: 2018 September 26 16:00 GMT

Last Updated: 2018 September 26 16:00 GMT

CVE ID(s): CVE-2018-0472

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary

=======

A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload.

The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipsec [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipsec”]

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-69981”].

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbq67uXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcz/XQP/isMlb9FU8tSIC0VCDBlUkmkrCEG
gMOPfu4spZtLzJH17B8O1ZaQCGD0dJtjTvr7RwDgVTFL9kXKJ/Wfik5LyHXuxAqq
NHYYakPtA1JBOS3Mko5Rb5Vf26tBNf/bDIEq/jl/G7BICoYdwZPbINBYi49HjDtE
Nga8ROS+5IxUYqC4NXuADCfHqh5OIBdSV4LvGkGfxvWWpUcsACt9Khb8Ffc6jYud
RLJwmjxdUxt2qafX8WJ0qB/EYmxgIKqQr38TNUEjIU8t1FvrPmwI7FxQ2y7GBKrf
35sUV9qqMUZSXxdtpyF3HF/X2t+yOqjsKS8kPNXSz49kel23khcFBK+dDhMaypSD
xOdsxPfJZ8WG4gvczWZcQ+VDMPVRkmZidmxOLgcaJc8fMJqIzwl6ju5uvI6puY97
rBub1VHqISfldIaS+XlOOBnOtTyiToD2G8+piOyPhe0eYh7Vw04ABAnoYFNrOjCB
Nr29Hn5X6QRX94dEr/LKRxhzVQFJPcbq9nIJFvq5JrCmAOg4IpU87WWplurrQVg6
D+C8TY8tQXq0NPlW5zX/w8BwVkgEJx2lSudjek9FJtQJcv6hliY2mlFSGqhiyAgt
DCT9Eyx51J1wp3phCUbUs8GFggZ3yXG851EMC4Q64juPeli3r8TjDU479OGi2cVN
x01YMBcZJ8PVjuP+
=eAvT
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com